Encrypted, incremental backups made nice and easy
================

This script creates encrypted incremental backups using standard, commonly available Unix command-line utilities.

By making use of strong asymmetric encryption (PGP), the backup files produced can be hosted on any online hosting service without the risk of your data being read by unintended people: they are **host-proof**. You could even use Google Drive!

## Instructions ##

This script uses `gpg` and common Unix archiving mechanisms to do the work. `tar` is the default archiver for now, but eventually it will be possible to change it to your favorite format, provided you have it installed on your machine. Make sure you've got `gpg` set up and have at least one *strong pair of keys* available before you start!

First, copy the file `backuprc` to your home directory under the name of `.backuprc`:

    cp backuprc ~/.backuprc

Edit this file and change the following line to accommodate your key ID (usually the email address associated with your private key). The public key for this ID is used to encrypt the backup, and the associated private key is the one with which you will recover the content later.

    recipient="someone@example.com" # change it accordingly!

Now you're all set to start creating backups! Currently, only backups of a single folder work, so get one folder full of important files and run:

    backup.sh --encrypt folder/

If you will back up a single folder only and would like to sign the file as well to ensure integrity, add the `--sign` option to it. Because you'll use your private key to sign, you will be prompted for your password.

    backup.sh --sign --encrypt folder/

Your new encrypted backup will be available as `folderYYYYMMDD.tar.gz.gpg`, where `YYYYMMDD` is today's date (for a simple form of versioning). Put it somewhere safe!

Suppose you would like to recover your backup. Fetch your encrypted archive from your hideout and run:

    backup.sh --decrypt folderYYYYMMDD.tar.gz.gpg

As you will be dealing with your private key again, you'll be prompted for your password. After decryption is done, the file is unzipped, giving you back your original `folder` directory.
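
The `--sign` option only protects a restore if the signature is checked before anything is unpacked. The following is an added example, not part of `backup.sh`: it decrypts into a private temporary directory, parses gpg's `--status-fd` output, and extracts only when the archive carries a good signature from an expected key. The function names and the fingerprint argument are assumptions, and the sample status lines are constructed.

```sh
#!/bin/sh
# Added example (not part of backup.sh); all names here are hypothetical.

# sig_from STATUS FINGERPRINT
# Succeeds only if gpg's machine-readable status output reports a completed
# decryption plus a good signature made by the key with that fingerprint.
sig_from() {
    printf '%s\n' "$1" | awk -v fpr="$2" '
        $1 != "[GNUPG:]"         { next }
        $2 == "DECRYPTION_OKAY"  { dec = 1 }
        $2 == "GOODSIG"          { good = 1 }   # not BADSIG/EXPKEYSIG/REVKEYSIG
        # VALIDSIG: field 3 is the signing (sub)key, last field the primary key
        $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { sig = 1 }
        END { exit !(dec && good && sig) }'
}

# restore_verified ARCHIVE.gpg FINGERPRINT [DESTDIR]
restore_verified() {
    tmp=$(mktemp -d) || return 1      # mode 0700: plaintext stays private
    # Decrypt to a file first. Piping gpg straight into tar would unpack
    # data before gpg has finished checking the signature.
    status=$(gpg --status-fd 1 --output "$tmp/backup.tar.gz" --decrypt "$1")
    if sig_from "$status" "$2"; then
        tar -xzf "$tmp/backup.tar.gz" -C "${3:-.}"
        rc=$?
    else
        echo "refusing to extract $1: no good signature from $2" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data for trying sig_from without a real archive.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_SIGNED="[GNUPG:] GOODSIG 89ABCDEF01234567 Someone <someone@example.com>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-01-31 1706659200 0 4 0 1 10 00 $SAMPLE_FPR
[GNUPG:] DECRYPTION_OKAY"
SAMPLE_UNSIGNED="[GNUPG:] DECRYPTION_OKAY"
```

An archive that decrypts cleanly but was never signed makes `gpg --decrypt` exit 0, which is why the check reads the status lines rather than the exit code.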

## Warnings ##

As usual, this is highly experimental software, and the warnings from the GPL apply especially here:

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

A few tips to make these backups more reliable and sturdy:

 - Use a *strong PGP key*. Strong here could mean something like 4096 bits RSA, using a strong passphrase to unlock the key, storing the key somewhere safe, changing the key passphrase every random interval of time... but really, you should ask a professional cryptographer about that.
 - **Choose a trustworthy host** to upload the backup. Technically, the host still "has" your data (even though it can't read it) so it can still tamper with it, attempt to crack it, send it to someone else, or even be a complete chicken-shit and delete it without your consent. Even signing the file doesn't help much in this case. An honest hosting service minimizes the chances of these things happening.
 - **Protect your account** on a trustworthy host. Even if the host is kind-hearted, other people stalking you might not be. Keep your account safe from hacking or even create other backups elsewhere to minimize the chance of losses from thievery or stalking.

Also, just to make it clear: **I am not an IT security professional. I'm a hacker who likes shell scripting**. This program has **not** been audited from a security standpoint, and I do not guarantee its complete safety.

## Roadmap ##

Here's what's coming up for the future releases:

 - Ability to choose different archiving formats.
 - Ability to glob files and create archives from files in different folders.
 - Incremental backups (no need to recreate a full backup for only a few files)
 - Multiple recipients for the backup (shared encryption!)

## Credits ##

The authors of `gpg` and `tar` and everything Unix deserve all my respect for their brilliance and effort.

`backup.sh` is written by [Klaus Zimmermann](https://notabug.org/kzimmermann)

See the [LICENSE](src/LICENSE) file for more information on how you can use this program.
